Question 1 (5+5+10=20 marks)

a) Define the terms confidentiality, integrity, availability, authenticity, and accountability in the context of Internet security.

b) Cryptographers and cryptanalysts are both interested in cryptography. Explain each of their roles, and how they differ.

c) With the aid of a diagram, describe a three-round Feistel encryption scheme of a block of data with length 2w and a key K.


Question 2 (2+8+8+2=20 marks) 


a) If Alice sends a plaintext message to Bob, what does Bob need to prove that Alice did send the message (even if she later denies having done so)?

b) How can public key cryptography be used to implement your solution to (a)?

c) Explain how the RSA algorithm could achieve your implementation in (b).

d) Name and give a one-sentence description of an alternate algorithm that could be used in place of RSA.


Question 3 (4+4+12=20 marks) 


a) What is the role of an Authentication Server (AS) in Kerberos?

b) What is the role of a Ticket Granting Server (TGS) in Kerberos?

c) Describe the principles involved in a client first authenticating him or herself, and then later establishing a secure communication session with another server.


Question 4 (4+2+4+10=20 marks) 


a) Give two kinds of threats that can affect the confidentiality of a Web service, explain their consequences, and give possible countermeasures.

b) What is the difference between SSL and TLS? Explain why HTTPS can use either SSL or TLS.

c) Explain how a secure communication is established using the HTTPS protocol.

d) Assume a system S is running an SSH server to which you have the ability to connect. S is on a network that has access to a host H that is not directly available from your client machine C. How can you use your connection to S to establish a secure connection from C to H?

Question 5 (5+3+4+8=20 marks)

a) With the aid of a diagram, explain how a Virtual Private Network (VPN) can be set up over the Internet.

b) Describe three types of malicious software.

c) Statistical anomaly detection falls into two broad categories: threshold detection and profile-based detection. Explain the difference between these two approaches, and why threshold analysis is often ineffective.

d) What is deep packet inspection, and how can it be used? What are the practical implications of using deep packet inspection with stateful firewalls?